Many of the Metacoda Plug-ins have Filter Bars which provide a way to filter the contents displayed and show an interesting subset. Normally they do simple case-insensitive “contains” filtering on key attributes like name and description (the filter bar label indicates which attributes are used).

Simple text filtering, as described above, is sufficient for many needs. However, for more advanced requirements there is the ability to switch to expression-based filters which are much more flexible. To use expression-based filtering you add a #@ prefix at the beginning of the filter bar field. What follows is then an expression that can use many of the other attributes/columns available in the tables. This expression is written as a Java like expression (BeanShell to be precise) and must resolve to a boolean true/false to determine whether a row should be shown in the table. Any errors in the expression will be shown in a popup error dialog.

This will allow you to do complex expressions like this in the User Reviewer:

… meaning show me all users whose name starts with R (case-insensitive), that don’t have Manager in their job title (case-sensitive), and have more than 1 login available to them.

Lists of the attributes available in the various Metacoda Plug-ins and tables are given in the Metacoda Plug-ins Filter Bars documentation. This post and future ones will also provide some additional examples of expressions that can be used to highlight interesting SAS security metadata subsets.

To start off a series of examples on Advanced Expression-Based Filters, here are some that you may find useful to copy and paste into the filter bar in the Metacoda ACT Reviewer as starting point for finding interesting sets of SAS Access Control Templates:

Unused ACTs: shows only those ACTs which have not been applied to any objects

#@ !inUse

Unprotected ACTs: shows only those ACTs that have not had any access controls applied to them

#@ accessControlCount == 0

… or …

#@ !isProtected

User ACTs: shows only those ACTs that contain permissions for users (hiding those that follow best practices and only use groups)

#@ refersToPerson

Redundant ACTs: shows ACTs that have no definition – no users/groups and permissions.

Custom Read-Access ACTs: shows read-access ACTs (when using a naming standard for ACTs with meticulous use of case and parentheses).

#@ name.contains("(Read)")

The examples above all work with the current Metacoda Plug-ins 6.0 release. In the next release we are extending support for expression-based filters into more filter bars and adding more attributes to those that already support them – stay tuned!

If you have any other useful examples that you have used in the ACT Reviewer please post them as a comment below.